Systems And Methods Of Transaction Authorization Using Server-Triggered Switching To An Integrity-Attested Virtual Machine
Abstract
Described systems and methods allow a client system to carry out secure transactions with a remote service-providing server, in applications such as online banking and e-commerce. The server may evaluate each transaction to determine whether the transaction requires security clearance, according to criteria including, among others, a transaction amount, a location of the client system, and/or a history of transactions carried out for the respective user. In some embodiments, when the transaction requires security clearance, the server instructs the client system to switch to executing a secure virtual machine. In some embodiments, most transaction details (e.g., a selection of merchandise, an amount of a bank transfer, a delivery address) are sent to the server from a regular browser application, while a transaction authorization is sent to the server from within the secure virtual machine.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A server computer system configured to receive transaction requests from a plurality of client systems, and further configured to employ at least one processor of the server computer system to:
in response to receiving a transaction request from a client application executing on a client system of the plurality of client systems, determine whether a transaction indicated by the transaction request requires security clearance; and when the transaction requires security clearance, send a transaction token to the client system, the transaction token uniquely identifying the transaction among a plurality of transactions; wherein the client system is configured to, in response to receiving the transaction token, switch to executing a secure virtual machine (VM) having a virtualized processor, and wherein executing the secure VM comprises:
employing the virtualized processor to display an overview of the transaction to a user of the client system,
in response to displaying the overview, employing the virtualized processor to receive a user input indicating that the user agrees to the transaction, and
in response to receiving the user input, employing the virtualized processor to send a transaction authorization to the server computer system, wherein the transaction authorization is required by the server computer system to perform the transaction.
2 . The server computer system of claim 1 , wherein the client application comprises a web browser application.
3 . The server computer system of claim 1 , wherein the client application executes within a client VM executing on the client system, the client VM distinct from the secure VM.
4 . The server computer system of claim 1 , further configured to, in response to receiving an integrity measurement of the secure VM from the client system, determine according to the integrity measurement whether the secure VM is in a trusted state.
5 . The server computer system of claim 4 , further configured to, in response to determining whether the secure VM is in the trusted state, when the secure VM is in the trusted state, send the overview to the client system.
6 . The server computer system of claim 4 , further configured to, in response to determining whether the secure VM is in the trusted state, to perform the transaction only when the secure VM is in the trusted state.
7 . The server computer system of claim 4 , further configured to:
in response to determining whether the secure VM is in the trusted state, when the secure VM is in the trusted state, send a server authentication token to the client system, the server authentication token specified by the user prior to the server computer system receiving the transaction request; and wherein the secure VM is further configured to display the server authentication token to the user in response to the client system receiving the server authentication token.
8 . The server computer system of claim 4 , wherein the client system is further configured to cryptographically sign the integrity measurement using a key specific to the client system, and to transmit the signed integrity measurement to the server computer system.
9 . The server computer system of claim 1 , wherein displaying the overview of the transaction includes receiving the overview from the client application.
10 . The server computer system of claim 1 , further configured to determine whether the transaction requires security clearance according to a policy determined for the user.
11 . The server computer system of claim 10 , wherein the policy is determined according to a transaction preference specified by the user.
12 . The server computer system of claim 10 , wherein the policy is determined according to a set of transactions successfully carried out for the user.
13 . The server computer system of claim 1 , wherein switching to executing the secure VM comprises transitioning the client system from a state in which a peripheral device used by the client application is in a high-powered condition to a state in which the peripheral device is in a low-powered condition.
14 . The server computer system of claim 1 , wherein switching to executing the secure VM comprises instantiating a hypervisor on the client system, the hypervisor configured to expose the secure VM.
15 . The server computer system of claim 1 , wherein the client system is further configured, in response to the secure VM sending the transaction authorization to the server computer system, to terminate the secure VM.
16 . The server computer system of claim 1 , wherein the transaction request includes an indicator of a transacted item.
17 . The server computer system of claim 1 , further configured to receive an indicator of a transacted item of the transaction from the client system, and to receive the transaction request in response to receiving the indicator of the transacted item.
18 . A non-transitory computer-readable medium storing instructions which, when executed by at least one processor of a client system, cause the client system to form a hypervisor and a virtual machine (VM) launch module, wherein the client system further operates a client application configured to send a transaction request to a remote server computer system, and wherein:
the server computer system is configured to:
in response to receiving the transaction request, determine whether a transaction indicated by the transaction request requires security clearance; and
when the transaction requires security clearance, send a transaction token to the client system, the transaction token uniquely identifying the transaction among a plurality of transactions;
the VM launch module is configured to detect a receipt by the client system of the transaction token; and the hypervisor is configured to:
expose a secure VM on the client system, the secure VM comprising a virtualized processor, and
in response to the VM launch module detecting the receipt of the transaction token, switch the client system to executing the secure VM, wherein executing the secure VM comprises:
employing the virtualized processor to display an overview of the transaction to a user of the client system,
in response to displaying the overview, employing the virtualized processor to receive a user input indicating that the user agrees to the transaction, and
in response to receiving the user input, employing the virtualized processor to send a transaction authorization to the server computer system, wherein the transaction authorization is required by the server computer system to perform the transaction.
19 . The computer-readable medium of claim 18 , wherein the client application comprises a web browser application.
20 . The computer-readable medium of claim 18 , wherein the client application executes within a client VM exposed by the hypervisor on the client system, the client VM distinct from the secure VM.
21 . The computer-readable medium of claim 18 , wherein the secure VM is further configured to send an integrity measurement of the secure VM to the server computer system, and wherein the server computer system is configured to determine according to the integrity measurement whether the secure VM is in a trusted state.
22 . The computer-readable medium of claim 21 , wherein the server computer system is further configured, in response to determining whether the secure VM is in the trusted state, when the secure VM is in the trusted state, to send the overview to the client system.
23 . The computer-readable medium of claim 21 , wherein the server computer system is further configured, in response to determining whether the secure VM is in the trusted state, to perform the transaction only when the secure VM is in the trusted state.
24 . The computer-readable medium of claim 21 , wherein:
the server computer system is further configured, in response to determining whether the secure VM is in the trusted state, when the secure VM is in the trusted state, send a server authentication token to the client system, the server authentication token specified by the user prior to the server computer system receiving the transaction request; and wherein the secure VM is further configured to display the server authentication token to the user in response to the client system receiving the server authentication token.
25 . The computer-readable medium of claim 21 , wherein the secure VM is further configured to cryptographically sign the integrity measurement using a key specific to the client system, and to transmit the signed integrity measurement to the server computer system.
26 . The computer-readable medium of claim 18 , wherein displaying the overview of the transaction includes receiving the overview from the client application.
27 . The computer-readable medium of claim 18 , wherein the server computer system is configured to determine whether the transaction requires security clearance according to a policy determined for the user.
28 . The computer-readable medium of claim 27 , wherein the policy is determined according to a transaction preference specified by the user.
29 . The computer-readable medium of claim 27 , wherein the policy is determined according to a set of transactions successfully carried out for the user prior to the server computer system receiving the transaction request.
30 . The computer-readable medium of claim 18 , wherein switching to executing the secure VM comprises transitioning the client system from a state in which a peripheral device used by the client application is in a high-powered condition to a state in which the peripheral device is in a low-powered condition.
31 . The computer-readable medium of claim 18 , wherein switching to executing the secure VM comprises launching an instance of the hypervisor.
32 . The computer-readable medium of claim 18 , wherein the hypervisor is further configured, in response to the secure VM sending the transaction authorization to the server computer system, to terminate the secure VM.
33 . The computer-readable medium of claim 18 , wherein the transaction request includes an indicator of a transacted item.
34 . The computer-readable medium of claim 18 , wherein the client application is further configured to send an indicator of a transacted item of the transaction to the server computer system, and to send the transaction request in response to sending the indicator of the transacted item.
35 . A non-transitory computer-readable medium storing instructions which, when executed by at least one processor of a server computer system configured to receive transaction requests from a plurality of client systems, cause the server computer system to:
in response to receiving a transaction request from a client application executing on a client system of the plurality of client systems, determine whether a transaction indicated by the transaction request requires security clearance; and when the transaction requires security clearance, send a transaction token to the client system, the transaction token uniquely identifying the transaction among a plurality of transactions; wherein the client system is configured to, in response to receiving the transaction token, switch to executing a secure virtual machine (VM) having a virtualized processor, and wherein executing the secure VM comprises:
employing the virtualized processor to display an overview of the transaction to a user of the client system,
in response to displaying the overview, employing the virtualized processor to receive a user input indicating that the user agrees to the transaction, and
in response to receiving the user input, employing the virtualized processor to send a transaction authorization to the server computer system, wherein the transaction authorization is required by the server computer system to perform the transaction.Join the waitlist — get patent alerts
Track US2016164880A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.